The kernel is a computer program that constitutes the central core of a computer's operating system. Turning to FIG. 1, the RAM (random access memory) 8 includes an operating system (OS) 10 that is divided into kernel space 12 and user space 14. The kernel space 12 is the core of the operating system, and typically has full access to all memory and machine hardware. Only the most trusted code runs in the kernel space 12, also known as the kernel mode. The user space 14 is where typical user programs are run. This user space 14 typically also functions as a sandbox (a sandbox is a security mechanism for separating running programs, which is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system), and restricts user programs from corrupting the memory.
Kernel exploits function to execute code with kernel/supervisor permissions. For example, the exploit employs methods to execute code running from the kernel mode. These methods include, for example, exploits which execute code from a buffer in the user space memory, for example, a process heap, after changing the memory permissions from previously non-executable to executable. Also, the exploits may execute code from executable memory in the kernel space by utilizing ROP (Return Oriented Programming) techniques. ROP is a computer security exploit technique that allows leveraging sequences of bytes in memory, which are small pieces of code in memory already marked as executable. Finally, exploits running from the kernel mode execute code from a non-executable buffer stored in kernel space memory (e.g., a memory pool), after changing the memory permissions to executable.
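As an added illustration (not part of the original text), the following C check compares a page's permissions before and after an update and reports the two permission-change cases described above: a user space buffer or a kernel space buffer going from non-executable to executable. It assumes the x86-64 page-table entry flag layout; the function and enum names are hypothetical, the sample entries are constructed, and the ROP case is not covered because it involves no permission change.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 page-table entry flag bits (assumed architecture for this example). */
#define PTE_PRESENT (1ULL << 0)
#define PTE_WRITE   (1ULL << 1)
#define PTE_USER    (1ULL << 2)   /* set: user space page; clear: kernel-only */
#define PTE_NX      (1ULL << 63)  /* set: instruction fetch is not allowed */

/* Hypothetical verdicts for one page-table entry update. */
enum pte_verdict {
    PTE_OK = 0,            /* no non-executable -> executable transition */
    PTE_USER_MADE_EXEC,    /* user space buffer (e.g. process heap) made executable */
    PTE_KERNEL_MADE_EXEC   /* kernel space buffer (e.g. memory pool) made executable */
};

static int pte_is_exec(uint64_t pte) {
    return (pte & PTE_PRESENT) && !(pte & PTE_NX);
}

/* Compare the entry for one page before and after it was rewritten. */
enum pte_verdict classify_pte_change(uint64_t old_pte, uint64_t new_pte) {
    if (!(old_pte & PTE_PRESENT))
        return PTE_OK;                       /* fresh mapping, not a flip */
    if (pte_is_exec(old_pte) || !pte_is_exec(new_pte))
        return PTE_OK;                       /* was already executable, or still is not */
    return (new_pte & PTE_USER) ? PTE_USER_MADE_EXEC : PTE_KERNEL_MADE_EXEC;
}

int main(void) {
    /* Constructed sample entries; 0x1234000 is an arbitrary frame address. */
    uint64_t frame = 0x1234000ULL;
    uint64_t heap_before = frame | PTE_PRESENT | PTE_WRITE | PTE_USER | PTE_NX;
    uint64_t heap_after  = frame | PTE_PRESENT | PTE_WRITE | PTE_USER;
    uint64_t pool_before = frame | PTE_PRESENT | PTE_WRITE | PTE_NX;
    uint64_t pool_after  = frame | PTE_PRESENT | PTE_WRITE;

    printf("heap page: %d\n", classify_pte_change(heap_before, heap_after));
    printf("pool page: %d\n", classify_pte_change(pool_before, pool_after));
    return 0;
}
```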